Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Explorer 7 Security Features Steve Lamb Technical Security Microsoft Ltd

Published byJustina McCarthy Modified over 9 years ago

Similar presentations

Presentation on theme: "Internet Explorer 7 Security Features Steve Lamb Technical Security Microsoft Ltd"— Presentation transcript:

1 Internet Explorer 7 Security Features Steve Lamb Technical Security Evangelist @ Microsoft Ltd Stephen.lamb@microsoft.comhttp://blogs.technet.com/steve_lamb

2 Agenda Lessons learned from IE in Windows XP SP2 Overview of Internet Explorer 7 Detailed features and demo Timeline More information

3 First, Let me ask… How many of you are using IE7 now? What build? How can we help you?

4 Post Windows XP SP2 Strengths Big security investments were worthwhile Right balance of application compatibility and security Opportunities to improve Social attacks (phishing) as important as code execution Bad trust decisions don ’ t have an “ undo ” option Make life better for Web developers Everyone wants new features

5 Internet Explorer 7 Major innovations in IE7 for Windows XP SP2 Enhanced functionality in IE7 in Windows Vista includes: Protected Mode Parental Controls integration Key areas of focus: Makes everyday tasks easier Dynamic security protection Improved platform and manageability

6 IE7 – New Look

7 Tabbed Browsing

8 Quick Tabs

9 Page Zoom Before After

10 Shrink-To-Fit Printing Web Pages Automatically Formatted To Print Properly

11 Inline Search

12 RSS Feed Platform Automatic Delivery Of Personalized Information Windows Supports RSS Feeds in Three Ways – Discover, subscribe & read as you browse – Update all feeds with a single click – Provides Common Feed List and Feed Store to enable any application to easily support RSS – Enables new scenarios via Simple List Extensions, giving RSS feeds the power to do moreBrowsersReadersAppsWebsites

13 RSS Feed Reader

14 Enhanced Validation Certificates Clearer information about trusted sites Trust Badge rotates to show Certificate Authority

15 15 Dynamic Security Protection Internet Explorer 7 Technology to protect against technology attacks Limit programmatic access Reduce attack surface Warn if settings insecure Simplified architecture Technology to protect against social attacks Anti-phishing service Secure site visuals and info Address bar anti-spoofing “One-click cleanup”

16 Security Features Protecting the machine from technology attacks Unified URL parsing Cross-domain security enhancements Code quality improvements to reduce buffer overruns ActiveX Opt-in Protected Mode (Microsoft Windows Vista only) Protecting the user from social attacks Download scanning with Windows Defender Phishing Filter High-assurance SSL and address bar Dangerous settings notification Secure defaults for International Domain Names Parental controls (Windows Vista only)

17 ActiveX Opt-in & Protected Mode Defending systems from malicious attack ActiveX Opt-in: puts users in control Most controls disabled Reduces attack surface Retain ActiveX benefits, increase user security Protected Mode*: reduces severity of threats IE process ‘sandboxed’ to protect OS Eliminates silent malware install Designed for security and compatibility ActiveX Opt-in Enabled Controls Windows Disabled Controls User Action Protected Mode User Action IE Cache My Computer (C:) Broker Process Low Rights * Windows Vista only

18 Change Settings, Download a Picture Exploit can install MALWARE IExplore.exe Install an ActiveX control Cache Web content Exploit can install MALWARE Admin Rights Access User Rights Access Temp Internet Files HKLM Program Files HKCU My Documents Startup Folder Untrusted files and settings Internet Explorer Running with Full Privileges

19 ProtectedMode Internet Explorer Install an ActiveX control Change settings, Save a picture Integrity Control Broker Process Redirected settings and files Compat Redirector Cache Web content Admin Rights Access User Rights Access Temp Internet Files HKLMHKCR Program Files HKCU My Documents Startup Folder Untrusted files and settings Broker Process Protected Mode Runs with Lowest Privilege

20 20 Security Status Bar Makes users aware of online security and privacy Enhanced Validation Standard Security Phishing Filter (Warn) Trusted party has provided extensive verification for the authenticity of certificate holder Website provided a certificate matching the server and appears trustworthy The website contains characteristics found in phishing websites … proceed cautiously Incorrect Data There are errors in the certificate provided and the website should not be trusted Phishing Filter (Block) A warning is displayed and users are navigated away from the website

21 https://urs.microsoft.com IEAPFLTR.DAT Known Good URLs Phishing Filter Client-side heuristics, allow-list, and Web service URL Reputation Service

22 Phishing Filter Populating the URL reputation service https://urs.microsoft.com End User Report Grader Confirmed Sites Site Owner Report Third Party Phishing databases URL Reputation Service

23 Address Bar Everywhere

24 Fix My Settings

25 IDN Display

26 Phishing Filter – Suspicious Site

27 Phishing Filter - Blocked Site

28 Fix My Settings

29 Customer Call To Action Read the technology overview Upgrade to IE7 RTM Test LOB applications and public websites Provide feedback to Microsoft (mailto:ietell@microsoft.com)mailto:ietell@microsoft.com

30 More IE7 Information Download the IE7 RC1 at http://www.microsoft.com/ie http://www.microsoft.com/ie Technical docs on IE Developer Center http://msdn.microsoft.com/ie http://msdn.microsoft.com/ie IT Administrator information on Technet http://www.microsoft.com/technet/prodtechn ol/IE/ieak7 http://www.microsoft.com/technet/prodtechn ol/IE/ieak7 More technical information on TechNet http://www.microsoft.com/technet/prodtechn ol/IE http://www.microsoft.com/technet/prodtechn ol/IE Follow the IE Team Blog at http://blogs.msdn.com/ie http://blogs.msdn.com/ie

31 Resources 1 Internet Explorer Blog http://blogs.msdn.com/ie/ Internet Explorer Feedback Alias ietell@microsoft.com Internet Explorer Developer Center http://msdn.microsoft.com/ie/ Internet Explorer 7 Readiness Toolkit http://go.microsoft.com/fwlink/?LinkId=64421 Internet Explorer 7 App Compat Toolkit http://blogs.technet.com/all_things_appcompat/default.aspx Internet Explorer 7 External Bug Database https://connect.microsoft.com/site/sitehome.aspx?SiteID=136 Internet Explorer Administration Kit (IEAK) 7 Beta 2 http://www.microsoft.com/technet/prodtechnol/ie/ieak7/default.mspx

32 Resources 2 Technical Chats and Webcasts http://www.microsoft.com/communities/chats/default.mspx http://www.microsoft.com/usa/webcasts/default.asp Microsoft Learning and Certification http://www.microsoft.com/learning/default.mspx MSDN & TechNet http://microsoft.com/msdn http://microsoft.com/technet Virtual Labs http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx Newsgroups http://communities2.microsoft.com/ communities/newsgroups/en-us/default.aspx Technical Community Sites http://www.microsoft.com/communities/default.mspx User Groups http://www.microsoft.com/communities/usergroups/default.mspx

33 © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. Steve Lamb Technical Security Evangelist @ Microsoft Ltd Stephen.lamb@microsoft.comhttp://blogs.technet.com/steve_lamb

Download ppt "Internet Explorer 7 Security Features Steve Lamb Technical Security Microsoft Ltd"

Similar presentations

IEs Protected Mode in Windows Vista TM January 20, 2006 Marc Silbey Program Manager.

IEs Protected Mode in Windows Vista TM January 20, 2006 Marc Silbey Program Manager.
Why should my organisation move to Internet Explorer 9? An upgrade guide for IT professionals.

Why should my organisation move to Internet Explorer 9? An upgrade guide for IT professionals.
Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:
Lesson 10: Starting Windows Applications start an application program move between open application programs start an application using the Run command.

Lesson 10: Starting Windows Applications start an application program move between open application programs start an application using the Run command.
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.

Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
Configuring Windows Internet Explorer 7 Security Lesson 5.

Configuring Windows Internet Explorer 7 Security Lesson 5.
Connect with life Gopikrishna Kannan Program Manager | Microsoft Corporation

Connect with life Gopikrishna Kannan Program Manager | Microsoft Corporation
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Chapter 9: Configuring Internet Explorer. Internet Explorer Usability Features Reorganized user interface Instant Search box RSS support Tabbed browsing.

Chapter 9: Configuring Internet Explorer. Internet Explorer Usability Features Reorganized user interface Instant Search box RSS support Tabbed browsing.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation. All.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation. All.
The New Internet Explorer 7 By Ronald Pastor. Overview  Makes everyday web surfing easier –Internet Explorer 7 provides improved navigation through tabbed.

The New Internet Explorer 7 By Ronald Pastor. Overview  Makes everyday web surfing easier –Internet Explorer 7 provides improved navigation through tabbed.
Optimizing Client Security by Using Windows Vista.

Optimizing Client Security by Using Windows Vista.
Information for Developers Windows XP Service Pack 2 Information for Developers.

Information for Developers Windows XP Service Pack 2 Information for Developers.
1 of 7 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 7 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
April-June 2006 Windows Hosting Seminar Series Product Roadmap: IIS 7.0 Matthew Boettcher Web Platform Technical Evangelist (Hosting) Developer & Platform.

April-June 2006 Windows Hosting Seminar Series Product Roadmap: IIS 7.0 Matthew Boettcher Web Platform Technical Evangelist (Hosting) Developer & Platform.
Internet Explorer Opportunities For Partners Margaret Cobb Product Manager IE Group Microsoft Corporation.

Internet Explorer Opportunities For Partners Margaret Cobb Product Manager IE Group Microsoft Corporation.
11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.

11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.
Internet Explorer Today & Tomorrow Margaret Cobb Internet Explorer Product Manager Windows Client Group microsoft.com Microsoft Corporation.

Internet Explorer Today & Tomorrow Margaret Cobb Internet Explorer Product Manager Windows Client Group microsoft.com Microsoft Corporation.
Cyra Richardson Microsoft Corporation Internet Explorer 7.

Cyra Richardson Microsoft Corporation Internet Explorer 7.
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.

Similar presentations

Ads by Google